FunFact .cry File Virus (Restore Encrypted Files) - How to, Technology and PC Security Forum |

FunFact .cry File Virus (Restore Encrypted Files)


with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by FunFact and other threats.
Threats such as FunFact may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

This article will help you to remove FunFact ransomware using the .cry file extension. It will also help you try and restore some of the .cry encrypted files.

A ransomware virus has appeared out in the wild, encrypting archives, pictures, Microsoft office documents and other important files. The virus is dubbed FunFact and has a note.ini ransom note which it opens after encrypting the files. In the ransom notes, clear demands are made by the cyber-criminals to pay a requested amount in around 1.6 BitCoin in a 7-day deadline. In case you have become a victim of this ransomware virus, advises are to focus on removing it immediately and trying to restore files encrypted via RSA and AES ciphers by FunFact.

Threat Summary



Short DescriptionThe malware encrypts users files using a combination of the AES and RSA encryption algorithms.
SymptomsThe user may see a ransom note named note.ini asking to pay in BTC to an address. Files may be encrypted with the .cry file extension.
Distribution MethodVia an Exploit kit, Dll file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool See If Your System Has Been Affected by FunFact


Malware Removal Tool

User ExperienceJoin our forum to Discuss FunFact.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

FunFact Ranosmware – How Does It Infect Users

FunFact is no different than any other ransomware virus. It could be spread via e-mail spam and the spam may contain malicious attachments which have:

  • Exploit kits embedded.
  • Malicious JavaScript or .js types of files.
  • Files that are legitimate .doc, .docx, xls or .pdf format, containing malicious macros.

To cause an infection, the criminals may make it seem as if the spammed messages are sent out as if they are legitimate messages from well-known companies or organizations.

Once they open the e-mail attachment and become infected by the malware, the virus may establish contact with multiple domains and addresses:

  • (to get your IP address)

After this has been done, the payload of FunFact ransomware may be downloaded. It consists of the following files:

%TEMP%\{random A-Z 0-9}.tmp

FunFact Ranosmware – Post-Infection and Encryption

Besides obtaining the IP address of the infected computer, the FunFact virus may begin to scan for various files to encrypt. Amongst the encrypted files by this virus may be the following file types:

.7z, .ace, .arj,. bz2, .cab, .gz, .jpeg, .jpg, .lha, .lzh, .mp3, .rar, .taz, .tgz, .z, .zip, .xls, .docx, .doc, .xml

The encrypted files may be encoded with the Advanced Encryption Algorithm (AES) and for the encryption key, an algorithm called RSA may be used. The files are reported to possibly have the .cry file extension added to them. They may appear like the following:

After encryption, the FunFact ransomware adds it’s distinctive note.ini ransom note and automatically opens it. The note has the following message for the victim:

Remove FunFact Ransomware and Try Restoring Your Files

In order to remove this ransomware virus completely from your computer, it is strongly recommended to follow our removal instructions posted down below. They are specifically designed to perform effective removal by either manually look for the files or automatically taking care of them via an advanced anti-malware tool (recommended).

After having already removed FunFact ransomware from your computer, it is strongly recommended to focus on restoring your data via some of the alternative methods which we have mentioned below in step “2. Restore files encrypted by FunFact”. These methods may not work on 100 percent but they may also restore some of your files, it really depends on the situation.

Note! Your computer system may be affected by FunFact and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as FunFact.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove FunFact follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove FunFact files and objects
2. Find files created by FunFact on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by FunFact

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share